1、 ETSI TS 102 656 V1.2.2 (2014-09) Lawful Interception (LI); Retained Data; Requirements of Law Enforcement Agencies for handling Retained Data TECHNICAL SPECIFICATION ETSI ETSI TS 102 656 V1.2.2 (2014-09)2Reference RTS/LI-00118 Keywords handover, retention, security ETSI 650 Route des Lucioles F-069
2、21 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org The present docu
3、ment may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/
4、or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current st
5、atus of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced or
6、utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend
7、to reproduction in all media. European Telecommunications Standards Institute 2014. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members an
8、d of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 102 656 V1.2.2 (2014-09)3Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminology 4g3Introduction 4g31 Scope 5g32 References 5g32.1 Normative re
9、ferences . 5g32.2 Informative references 5g33 Definitions and abbreviations . 5g33.1 Definitions 5g33.2 Abbreviations . 6g34 User (LEA) requirements . 7g34.1 Introduction 7g34.2 General requirements . 7g34.3 Requests . 7g34.4 Request for retained data 8g34.5 Delivery 8g34.6 Content of delivery . 9g3
10、4.7 Location information 10g34.8 Availability constraints . 11g34.9 Information transmission and information protection requirements 11g34.10 Internal security 12g34.11 Technical handover interfaces and format requirements 12g34.12 Temporary obstacles to transmission . 12g34.13 Identification of the
11、 request criteria 12g34.14 Multiple requests 13g3Annex A (normative): Administrative requirements 14g3A.1 Non disclosure 14g3A.1.1 CSP . 14g3A.1.2 Manufacturers or 3rdparty providers 14g3Annex B (informative): Change Request History 15g3History 16g3ETSI ETSI TS 102 656 V1.2.2 (2014-09)4Intellectual
12、Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs
13、); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/ipr.etsi.org). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been car
14、ried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technic
15、al Committee Lawful Interception (LI). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “may not“, “need“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms
16、for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. Introduction The multi CSP, multi LEA and multinational aspect of the retained data creates the need for a standardized requests and the delivery of the data. The presen
17、t document describes similar to the requirements for lawful interception in TS 101 331 1 the law enforcement needs for the request and delivery and related aspects of retained data. The definition of a handover interface for the request and delivery should allow the technical facilities to be provid
18、ed: - with reliability; - with accuracy; - at low cost; - with minimum disruption and most speedily; - in a secure manner; - using standard procedures. ETSI ETSI TS 102 656 V1.2.2 (2014-09)51 Scope The present document gives guidance for the delivery and associated issues of retained data of telecom
19、munications and subscribers. It provides a set of requirements relating to handover interfaces for the retained traffic data and subscriber data by law enforcement and other authorized requesting authorities. The present document describes the requirements from a Law Enforcement Agencys (LEAs) point
20、 of view. Not all requirements necessarily apply in one individual nation. These requirements may be used to derive specific network requirements and furthermore to standardize handover interfaces. The present document gives the requirements for the delivery of Retained Data (in line with TS 101 331
21、 1 for LI). NOTE: Reading the present document it should be taken in account that: square4 Limitations in what data to be retained are a national issue. 2 References References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specif
22、ic references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. N
23、OTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. 2.1 Normative references The following referenced documents are necessary for the application of the present document. 1 ETSI TS 101 331: “Lawful Interception (LI)
24、; Requirements of Law Enforcement Agencies“. 2.2 Informative references The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. Not applicable. 3 Definitions and abbreviations 3.1 Definitions
25、For the purposes of the present document, the following terms and definitions apply: cell ID: identity of the cell from which a mobile telephony call originated or in which it terminated Communication Service Provider (CSP): generic description covering Access Provider, Service Provider and Network
26、Operator data: traffic data and location data and the related data necessary to identify the subscriber or user ETSI ETSI TS 102 656 V1.2.2 (2014-09)6Law Enforcement Agency (LEA): organization authorized by a lawful authorization based on a national law to receive the results of telecommunications r
27、etained data lawful authorization: permission granted to a LEA under certain conditions to request specified telecommunications retained data and requiring co-operation from a network operator/service provider/access provider NOTE: Typically, this refers to a warrant or order issued by a lawfully au
28、thorized body. location information: information relating to the geographic, physical or logical location of an identity relating to an interception subject quality of service: quality specification of a telecommunications channel, system, virtual channel, computer-telecommunications session, etc. N
29、OTE: Quality of service may be measured, for example, in terms of signal-to-noise ratio, bit error rate, message throughput rate or call blocking probability. reliability: probability that a system or service will perform in a satisfactory manner for a given period of time when used under specific o
30、perating conditions request criteria: identity associated with a retained data to be delivered target identity: identity associated with a retained data to be delivered telecommunications: any transfer of signs, signals, writing images, sounds, data or intelligence of any nature transmitted in whole
31、 or in part by a wire, radio, electromagnetic, photoelectric or photo optical system telephone service: calls (including voice, voicemail and conference and data calls), supplementary services (including call forwarding and call transfer) and messaging and multi-media services (including short messa
32、ge services, enhanced media services and multi-media services) unsuccessful call attempt: communication where a telephone call has been successfully connected but not answered or there has been a network management intervention. user: any legal entity or natural person using a publicly available ele
33、ctronic communications service, for private or business purposes, without necessarily having subscribed to that service user ID: unique identifier allocated to persons when they subscribe to or register with an Internet access service or Internet communications service 3.2 Abbreviations For the purp
34、oses of the present document, the following abbreviations apply: CSP Communication Service Provider DSL Digital Subscriber Line GPRS General Packet Radio Service GPS Global Positioning SystemGSM Global System for Mobile communications HLR Home Location Register ID IDentity IMEI International Mobile
35、Equipment Identity IMSI International Mobile Subscriber Identity IP Internet Protocol ISO International Organization for Standardization LEA Law Enforcement AgencyLI Lawful Interception VLR Visited Location Register WLAN Wireless Local Area Network xDSL any Digital Subscriber Line technology ETSI ET
36、SI TS 102 656 V1.2.2 (2014-09)74 User (LEA) requirements 4.1 Introduction This clause presents the user requirements related to the retained data of telecommunications with the LEA being the user. The relevant terms are defined in clause 3.1. These user requirements are subject to national law and i
37、nternational treaties and should be interpreted in accordance with applicable national policies. The following list of requirements is a collection of items, where several requirements might not correspond to national laws and regulations of the individual countries. Implementation takes place if re
38、quired by national law. The Handover Interface(s) (HIs) should be configured in such a way that it (they) complies with the appropriate national requirements. A lawful authorization may specify a subset of requirements to be delivered on a case-by-case basis, this is based on the national regulation
39、 for different LEAs. 4.2 General requirements a) The obligation of the Communication Service Provider (CSP) as to which data shall be retained and delivered is subject to national laws. b) The obligation of the CSP as to which period the data shall be retained subject to national laws. c) The CSP wi
40、ll be able to provide data of subscriber and subscriber related traffic data that was generated or processed within the retention period within its telecommunications system. d) The CSP will be able to provide data received from other networks that was generated or processed (originated, terminated
41、or forwarded) within the retention period within its telecommunications system. e) The present document relates only to data generated or processed as a consequence of a communication or a communication service and does not relate to data that are the content of the information communicated. Data ge
42、nerated or processed when supplying the communications services concerned refers to data which are accessible. In particular the obligation to retain data may apply only in respect of data from the providers or the network providers own services. f) Given that the obligations on providers of electro
43、nic communications services should be proportionate, this requires that they retain only such data as are generated or processed in the process of supplying their communications services. To the extent that such data are not generated or processed by those providers, there is no obligation to retain
44、 them. There is no intention to harmonize the technology for retaining data, the choice of which is a matter to be resolved at national level. NOTE 1: The retention of data applies to the use of services. This applies to subscribers, visitors, etc. of the service. NOTE 2: The retention of data appli
45、es to all calls or services including those from roaming scenarios, e.g. mobile roaming records (ISO spec). 4.3 Requests a) The requests for retained data can apply to: 1) data generated or processed in association with communication or communication attempts (typically unsuccessful calls) (in accor
46、dance with particular national requirements); 2) subscriber data. b) The requests for retained data will be based on the request criteria defined in clause 4.4. c) The request shall not require the CSP to make any subjective decisions, to use any judgement or discretion. In other words, requests sha
47、ll be such that it is immediately clear whether a particular record matches the request. d) The requests will be done by lawful authorization. ETSI ETSI TS 102 656 V1.2.2 (2014-09)8e) A lawful authorization can contain a combination of: 1) a single request based on a single request criterion; 2) mul
48、tiple requests based on an aggregation of single request criteria; 3) a request based on a range of request criteria. NOTE: A request that conforms to the ETSI standard should not be assumed to be lawful under all jurisdictions. The delivery interface is not required to provide such a guarantee. It
49、is assumed that national and international procedures are also in place to assure that the request is lawful. 4.4 Request for retained data a) The request criteria for retained subscriber data shall contain the time stamp or time window and can be based on: 1) a service or network identifier: i) network or service address (for example E.164, IP address, email, uri); ii) equipment identifier (for example IMEI); iii) network element (for example base station Global CellID); or 2) a name: A name identifying for example the subscriber or registered user of the CSP; or 3
